How to publish Alerts in Azure Dashboard

 

Introduction


Azure alerts are commonly used in most of the customer environments and it can be configured for any resources you run on Azure or On-premises or other cloud solutions. But i see little difficult in getting this alerts to be published in Azure Dashboards. So I thought of sharing this article so that it might be useful for others. 

Solution

I have used Resource Graph query & Workbook to publish all the alerts in Azure Dashboard and it's great feature too. 

Supported Alert Signal types:
  • Metric
  • LogSearch
  • Resource Health
  • Service Health

Below is the Resource Graph query which i used to pull all the alerts.

alertsmanagementresources
extend TimeFired = todatetime(properties.essentials.startDateTime)
extend EventOccured = todatetime(properties.context.context.activityLog.eventTimestamp)
extend AlertName = name
extend subscriptionId = subscriptionId
where subscriptionId !contains "xxxx-xxxx-xxxxx-xxxx" //Exclude SBX Subscription Alerts
extend MonitorService = properties.essentials.monitorService //Get the Alert type
extend ResourceName = properties.essentials.targetResourceName //Get the Server Name for Resource health type alert if any
extend Resource = properties.context.AffectedConfigurationItems //Get the Server Name for Log Search type alert if any
extend Server = split(Resource, "/")[-1//Select the server from the Log Search alert
project-away Resource
extend Description = properties.essentials.description
project-away id, name, type, tenantId, kind, location, resourceGroup, subscriptionId, managedBy,sku,plan,tags,identity,zones,
        extendedLocation, apiVersion
extend LogStatus = properties.essentials.monitorCondition //Get the status of Log Search alerts
extend ResStatus = tostring(properties.context.context.activityLog.status) //Get the status of Resource Health alerts
extend PltLogStatus = properties.essentials.monitorCondition //Get the status of Platform alerts
extend Status = case(MonitorService contains "Resource Health", ResStatus, MonitorService contains "Log Analytics"
        LogStatus, MonitorService contains "Platform", PltLogStatus, "N/A"// Combine the status based on the type of alerts
extend ServerName = case(MonitorService contains "Resource Health", ResourceName, 
        MonitorService contains "Log Analytics", Server, MonitorService contains "Platform", ResourceName, 
            ResourceName) // Combine the Server Name based on the type of alerts
project ["Time Fired (In-UTC)"]=format_datetime(TimeFired, 'MM-dd-yyyy HH:mm:ss'),
        EventOccured, ["Alert Name"] = AlertName, ["Server Name"] =  ServerName, Status, Description
project-rename ["Event Time (In-UTC)"] = EventOccured
sort by ["Event Time (In-UTC)"] desc

Run the above query in Resource Graph explorer and pin the same into Azure Dashboard.




Azure Dashboard


















In the next blog, I will demonstrate how to use Workbooks to apply some filters, Highlight the critical alerts and much more. 

Comments

Post a Comment